package com.myown.util;

import java.util.List;
import java.util.regex.Pattern;

/**
 * 防sql注入工具类 <p>
 * @author lincky
 * @version v1.0.0
 */
public class AntiSqlInjectionUtil {

    // sql非法字符集
    public final static String ILLEGAL_REG = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)";
    // sql非法字符集正则格式
    public final static Pattern ILLEGAL_REG_PATTERN = Pattern.
            compile(ILLEGAL_REG, Pattern.CASE_INSENSITIVE);

    /**
     * 参数是否合法,重构String <p>
     *
     * @param str 过滤字符串
     * @return <tt>false</tt> - 含有非法字符串
     */
    public static boolean isIllegalParameter(String str) {
        return str == null || !ILLEGAL_REG_PATTERN.matcher(str).find();
    }

    /**
     * 参数是否合法，重构<tt>List<String></tt> <p>
     * @param strList 过滤字符串List
     * @return <tt>false</tt> - 含有非法字符串
     */
    public static boolean isIllegalParameter(List<String> strList) {
        if (strList == null || strList.size() == 0) {
            return true;
        }
        for (String paramater: strList) {
            if (!isIllegalParameter(paramater)) {
                return false;
            }
        }
        return true;
    }

}
